new upstream release (2.4.29)
This commit is contained in:
Jan Vcelak
parent
65b981d99e
commit
31026088da
1
.gitignore
vendored
1
.gitignore
vendored
@ -1 +1,2 @@
|
||||
/openldap-2.4.28.tgz
|
||||
/openldap-2.4.29.tgz
|
||||
|
||||
@ -1,125 +0,0 @@
|
||||
Replication (syncrepl) with TLS causes segfault
|
||||
|
||||
Upstream ITS: #7136
|
||||
Upstrem commit: 4e9926ca9719a0dab8c780d3d2f4cf4bfc03bfdc
|
||||
Resolves: #783431
|
||||
Author: Jan Vcelak <jvcelak@redhat.com>
|
||||
|
||||
diff --git a/libraries/libldap/tls_m.c b/libraries/libldap/tls_m.c
|
||||
index da230c5..092b59f 100644
|
||||
--- a/libraries/libldap/tls_m.c
|
||||
+++ b/libraries/libldap/tls_m.c
|
||||
@@ -1960,6 +1960,66 @@ tlsm_destroy( void )
|
||||
#endif
|
||||
}
|
||||
|
||||
+static struct ldaptls *
|
||||
+tlsm_copy_config ( const struct ldaptls *config )
|
||||
+{
|
||||
+ struct ldaptls *copy;
|
||||
+
|
||||
+ assert(config);
|
||||
+
|
||||
+ copy = LDAP_MALLOC(sizeof(*copy));
|
||||
+ if (!copy)
|
||||
+ return NULL;
|
||||
+
|
||||
+ memset(copy, 0, sizeof(*copy));
|
||||
+
|
||||
+ if (config->lt_certfile)
|
||||
+ copy->lt_certfile = LDAP_STRDUP(config->lt_certfile);
|
||||
+ if (config->lt_keyfile)
|
||||
+ copy->lt_keyfile = LDAP_STRDUP(config->lt_keyfile);
|
||||
+ if (config->lt_dhfile)
|
||||
+ copy->lt_dhfile = LDAP_STRDUP(config->lt_dhfile);
|
||||
+ if (config->lt_cacertfile)
|
||||
+ copy->lt_cacertfile = LDAP_STRDUP(config->lt_cacertfile);
|
||||
+ if (config->lt_cacertdir)
|
||||
+ copy->lt_cacertdir = LDAP_STRDUP(config->lt_cacertdir);
|
||||
+ if (config->lt_ciphersuite)
|
||||
+ copy->lt_ciphersuite = LDAP_STRDUP(config->lt_ciphersuite);
|
||||
+ if (config->lt_crlfile)
|
||||
+ copy->lt_crlfile = LDAP_STRDUP(config->lt_crlfile);
|
||||
+ if (config->lt_randfile)
|
||||
+ copy->lt_randfile = LDAP_STRDUP(config->lt_randfile);
|
||||
+
|
||||
+ copy->lt_protocol_min = config->lt_protocol_min;
|
||||
+
|
||||
+ return copy;
|
||||
+}
|
||||
+
|
||||
+static void
|
||||
+tlsm_free_config ( struct ldaptls *config )
|
||||
+{
|
||||
+ assert(config);
|
||||
+
|
||||
+ if (config->lt_certfile)
|
||||
+ LDAP_FREE(config->lt_certfile);
|
||||
+ if (config->lt_keyfile)
|
||||
+ LDAP_FREE(config->lt_keyfile);
|
||||
+ if (config->lt_dhfile)
|
||||
+ LDAP_FREE(config->lt_dhfile);
|
||||
+ if (config->lt_cacertfile)
|
||||
+ LDAP_FREE(config->lt_cacertfile);
|
||||
+ if (config->lt_cacertdir)
|
||||
+ LDAP_FREE(config->lt_cacertdir);
|
||||
+ if (config->lt_ciphersuite)
|
||||
+ LDAP_FREE(config->lt_ciphersuite);
|
||||
+ if (config->lt_crlfile)
|
||||
+ LDAP_FREE(config->lt_crlfile);
|
||||
+ if (config->lt_randfile)
|
||||
+ LDAP_FREE(config->lt_randfile);
|
||||
+
|
||||
+ LDAP_FREE(config);
|
||||
+}
|
||||
+
|
||||
static tls_ctx *
|
||||
tlsm_ctx_new ( struct ldapoptions *lo )
|
||||
{
|
||||
@@ -1971,7 +2031,7 @@ tlsm_ctx_new ( struct ldapoptions *lo )
|
||||
#ifdef LDAP_R_COMPILE
|
||||
ldap_pvt_thread_mutex_init( &ctx->tc_refmutex );
|
||||
#endif
|
||||
- ctx->tc_config = &lo->ldo_tls_info; /* pointer into lo structure - must have global scope and must not go away before we can do real init */
|
||||
+ ctx->tc_config = NULL; /* populated later by tlsm_ctx_init */
|
||||
ctx->tc_certdb = NULL;
|
||||
ctx->tc_certname = NULL;
|
||||
ctx->tc_pin_file = NULL;
|
||||
@@ -2038,6 +2098,10 @@ tlsm_ctx_free ( tls_ctx *ctx )
|
||||
#ifdef LDAP_R_COMPILE
|
||||
ldap_pvt_thread_mutex_destroy( &c->tc_refmutex );
|
||||
#endif
|
||||
+
|
||||
+ if ( c->tc_config )
|
||||
+ tlsm_free_config( c->tc_config );
|
||||
+
|
||||
LDAP_FREE( c );
|
||||
}
|
||||
|
||||
@@ -2048,6 +2112,7 @@ static int
|
||||
tlsm_ctx_init( struct ldapoptions *lo, struct ldaptls *lt, int is_server )
|
||||
{
|
||||
tlsm_ctx *ctx = (tlsm_ctx *)lo->ldo_tls_ctx;
|
||||
+ ctx->tc_config = tlsm_copy_config(lt);
|
||||
ctx->tc_is_server = is_server;
|
||||
|
||||
return 0;
|
||||
@@ -2067,7 +2132,7 @@ tlsm_deferred_ctx_init( void *arg )
|
||||
|
||||
if ( tlsm_deferred_init( ctx ) ) {
|
||||
Debug( LDAP_DEBUG_ANY,
|
||||
- "TLS: could perform TLS system initialization.\n",
|
||||
+ "TLS: could not perform TLS system initialization.\n",
|
||||
0, 0, 0 );
|
||||
return -1;
|
||||
}
|
||||
@@ -2333,6 +2398,9 @@ tlsm_deferred_ctx_init( void *arg )
|
||||
return -1;
|
||||
}
|
||||
|
||||
+ tlsm_free_config( ctx->tc_config );
|
||||
+ ctx->tc_config = NULL;
|
||||
+
|
||||
return 0;
|
||||
}
|
||||
|
||||
@ -1,22 +0,0 @@
|
||||
MozNSS + PEM: fix segfault when TLS certificate key is not set
|
||||
|
||||
Upstream ITS: #7135
|
||||
Upstream commit: 1107103dd7e767db9c080b3276cb6e742fcf36a1
|
||||
Resolves: #772890
|
||||
Author: Jan Vcelak <jvcelak@redhat.com>
|
||||
|
||||
diff --git a/libraries/libldap/tls_m.c b/libraries/libldap/tls_m.c
|
||||
index 09348b7..da230c5 100644
|
||||
--- a/libraries/libldap/tls_m.c
|
||||
+++ b/libraries/libldap/tls_m.c
|
||||
@@ -2267,8 +2267,8 @@ tlsm_deferred_ctx_init( void *arg )
|
||||
}
|
||||
} else { /* set up secure server */
|
||||
SSLKEAType certKEA;
|
||||
- CERTCertificate *serverCert;
|
||||
- SECKEYPrivateKey *serverKey;
|
||||
+ CERTCertificate *serverCert = NULL;
|
||||
+ SECKEYPrivateKey *serverKey = NULL;
|
||||
SECStatus status;
|
||||
|
||||
/* must have a certificate for the server to use */
|
||||
@ -5,8 +5,8 @@
|
||||
%global evolution_connector_libdir %{evolution_connector_prefix}/%{_lib}
|
||||
|
||||
Name: openldap
|
||||
Version: 2.4.28
|
||||
Release: 3%{?dist}
|
||||
Version: 2.4.29
|
||||
Release: 1%{?dist}
|
||||
Summary: LDAP support libraries
|
||||
Group: System Environment/Daemons
|
||||
License: OpenLDAP
|
||||
@ -33,8 +33,6 @@ Patch5: openldap-ldaprc-currentdir.patch
|
||||
Patch6: openldap-userconfig-setgid.patch
|
||||
Patch7: openldap-dns-priority.patch
|
||||
Patch8: openldap-syncrepl-unset-tls-options.patch
|
||||
Patch9: openldap-nss-deferred-init-copy-params.patch
|
||||
Patch10: openldap-nss-segfault-key-not-set.patch
|
||||
|
||||
# Fedora specific patches
|
||||
Patch100: openldap-fedora-systemd.patch
|
||||
@ -136,8 +134,6 @@ pushd openldap-%{version}
|
||||
%patch6 -p1
|
||||
%patch7 -p1
|
||||
%patch8 -p1
|
||||
%patch9 -p1
|
||||
%patch10 -p1
|
||||
|
||||
%patch100 -p1
|
||||
|
||||
@ -386,9 +382,6 @@ rm -f %{buildroot}%{_libdir}/openldap/*.so
|
||||
rm -f %{buildroot}%{_localstatedir}/openldap-data/DB_CONFIG.example
|
||||
rmdir %{buildroot}%{_localstatedir}/openldap-data
|
||||
|
||||
%clean
|
||||
rm -rf %{buildroot}
|
||||
|
||||
%post -p /sbin/ldconfig
|
||||
|
||||
%postun -p /sbin/ldconfig
|
||||
@ -653,6 +646,13 @@ exit 0
|
||||
%{evolution_connector_prefix}/
|
||||
|
||||
%changelog
|
||||
* Mon Feb 13 2012 Jan Vcelak <jvcelak@redhat.com> 2.4.29-1
|
||||
- new upstream release
|
||||
+ MozNSS fixes
|
||||
+ connection handling fixes
|
||||
+ server: buxfixes in mdb backend
|
||||
+ server: buxfixes in overlays (syncrepl, meta, monitor, perl, sql, dds, rwm)
|
||||
|
||||
* Tue Jan 31 2012 Jan Vcelak <jvcelak@redhat.com> 2.4.28-3
|
||||
- fix: replication (syncrepl) with TLS causes segfault (#783431)
|
||||
- fix: slapd segfaults when PEM certificate is used and key is not set (#772890)
|
||||
|
||||
Loading…
Reference in New Issue
Block a user